These days, it feels like everybody’s talking about encryption and privacy. Whether you work in healthcare, energy and utilities, financial services or some other enterprise—you’ve probably come across debates around privacy, encryption and how to securely communicate to maintain privacy. But with all the news reports and use of buzzwords being thrown around it’s easy to forget the basics. So what do terms like encryption, privacy and man-in-the middle attacks really mean?
In May, Vaporstream CEO Galina Datskovsky sat down with security expert Paul Viollis to address this very issue. Their discussion about private chatting—whether it’s an oxymoron or not—addressed many of the basic but important questions addressing privacy and encryption. We’ll link to the podcast below so that you can explore these questions in-depth but will also include some basic information on the topics addressed in the podcast in this blog post.
Question 1: What is encryption?
We talk about encryption so much that it’s easy to just hear the word and think “oh, protection”. But what does it really mean? Put simply, encryption is a method for protecting data from other people seeing it. This might include credit card information, personal files or even personal messages. Encryption works by essentially taking plain data such as texts and transforming it something unreadable. The process is based on a key—those with the key can unlock (I.e. decrypt) the data and view it in its original form. Without the key, no one can read your encrypted data.
Question 2: What does man-in-the middle attack mean?
Essentially, a man-in-the-middle attack is when communications are intercepted by a third person. An example of this is active eavesdropping—where the attack conveys messages between the targets that lead them to believe that they’re talking to each other directly via private connection while the conversation is actually entirely controlled by the attacker. In the podcast, Galina and Paul discuss further how man-in-the-middle attacks occur and how they can impact anyone.
Question 3: What is real privacy?
With encryption, protecting data from being read by those without a key, it becomes easy to assume you’ve achieved real privacy. But the fact of the matter is that humans are not infallible and there are other ways that information can be inadvertently or malicious shared. Encryption only protects data while it is in transit or at rest, but once opened a recipient or someone viewing the data can do anything they want with the information. A simple screenshot or the forwarding of a private message; the uploading of sensitive content to social media—these are not necessarily instances encryption can protect against. Full privacy is about full control over your information and preventing proliferation or leaks of your information.
To learn more about full privacy and how it can be achieved, as well as learn more about the questions we’ve discussed above, listen to Paul Viollis and Galina Datskovsky in “Private Chatting… Oxymoron or Not” at this link.
Contributor: The Vaporstream Team